Skip to main content
All Projects

Faxas Hub

infrastructureFeatured

Faxas Hub is a self-hosted operations dashboard built for homelabs running GPU-intensive workloads. It unifies telemetry from Beszel, Uptime Kuma, and Glances through a BFF architecture — giving you a single pane of glass for your entire infrastructure.

Titan

NVIDIA GeForce RTX 5090
Utilization24%
VRAM22.6 GB / 24 GB
41°C
NVIDIA GeForce RTX 5090
Utilization18%
VRAM22.6 GB / 24 GB
40°C
AMD Ryzen Threadripper 9960X 24-CoresCPU12%40 cores / 4.2 GHz / load 11.6
 RAM18%25.4 GB / 118.1 GB
 Storage21%532.3 GB / 2.7 TB

Storage Devices

/dev/mapper/ubuntu--vg-ubuntu--lvLVM Root
532.3 GB / 2.7 TB21%
Sources:BeszelGlances
adminSSO

Authentik SSO

Quick access to identity management

Configured
AppsAdmin

Services

USER

Immich

Self-hosted photo and video management

42ms
Nextcloud

Self-hosted file sync and collaboration platform

118ms
Plex

Media server for movies, TV, and music

23ms
Jellyfin

Open-source media streaming server

31ms
Vaultwarden

Self-hosted password manager

12ms
SearXNG

Privacy-respecting metasearch engine

205ms
Audiobookshelf

Self-hosted audiobook and podcast server

67ms

AI

Ollama

Local large language model runner

89ms
Open WebUI

Web interface for local AI models

134ms
LocalAI

Local AI API compatible with OpenAI

312ms
ComfyUI

Node-based AI image generation workflow

156ms

ADMIN

Beszel

Lightweight server monitoring agent

8ms
Uptime Kuma

Self-hosted uptime monitoring tool

15ms
Portainer

Docker container management UI

22ms
Glances

Cross-platform system monitoring tool

19ms
Nginx Proxy Manager

Reverse proxy management with SSL

6ms
Authentik

Identity provider and SSO platform

45ms
Tailscale

Zero-config mesh VPN

3ms

This is a simulated interface. All data shown is illustrative.

0
Passing Tests
0
Adapters
0 MB
Docker Image
0
Known Services
Source Code

Supported App Ecosystem

89 services auto-categorized across 4 groups

Faxas Hub auto-discovers and categorizes Docker containers using custom faxas.* labels and a curated registry of 89 known services. Each service is assigned to a group — User, AI, Admin, or Other — with offline brand icons and deterministic fallbacks.

User Apps

Immich

Self-hosted photo and video management

Nextcloud

Self-hosted file sync and collaboration platform

SearXNG

Privacy-respecting metasearch engine

Plex

Media server for movies, TV, and music

Jellyfin

Free media server for movies, TV, and music

Vaultwarden

Lightweight Bitwarden-compatible password server

Audiobookshelf

Self-hosted audiobook and podcast server

AI Services

Ollama

Local large language model runner

Open WebUI

Web interface for local AI models

LocalAI

Local AI API compatible with OpenAI

ComfyUI

Node-based Stable Diffusion interface

Admin Tools

Beszel

Lightweight server monitoring agent

Uptime Kuma

Self-hosted uptime monitoring

Portainer

Docker container management UI

Homepage

Application dashboard and launcher

Nginx Proxy Manager

Reverse proxy management with SSL

Glances

System monitoring at a glance

Authentik

Identity provider and SSO platform

Tailscale

Zero-config mesh VPN

Infrastructure

Faxas Hub

GPU-first self-hosted ops dashboard

Docker

Container auto-discovery via socket proxy

Faxas Hub auto-categorizes 89 services across 4 groups using Docker labels and a curated service registry.

Architecture

Four-layer BFF with security boundaries

The architecture follows a strict Backend-for-Frontend pattern. The browser talks only to Next.js API routes — never directly to upstream services. Credentials stay server-side, SSRF protections guard internal network access, and HMAC gates validate upstream connectivity.

1

Browser

Glassmorphic React UI with mobile-first responsive layout and three service view modes.

React 19Tailwind CSS 4Lucide Icons
2

Next.js API Routes

BFF layer that aggregates, caches, and normalizes data from upstream APIs. All credentials stay server-side.

Next.js 15Zod Validationiron-session
3

Integration Adapters

Contract-based adapters with consistent interfaces. Each adapter normalizes upstream data into stable v1 contracts.

TypeScript 5.8Adapter PatternZod Schemas
4

External Services

Upstream monitoring and infrastructure services providing raw telemetry, health data, and container info.

BeszelUptime KumaGlancesDockerNPMTailscale

Security Boundaries

Credentials Server-Side

Upstream API keys never reach the browser. All credentials are managed in the BFF layer.

SSRF Protection

RFC 1918 blocklist prevents server-side requests to private network ranges.

HMAC Enablement Gates

SHA-256 HMAC gates validate adapter connectivity before exposing data paths.

Integration Intelligence

6 adapters with isolated failure containment

Each upstream service has a dedicated adapter that normalizes raw API data into stable v1 contracts via Zod schemas. If an upstream goes down, the adapter returns null data with a health status — no cascading failures, no broken UI.

Beszel

System Metrics

Primary telemetry source for CPU, RAM, GPU, and storage metrics across hosts and containers.

Failure mode:

Returns null data with health=down; UI shows stale indicator

Normalization:

Raw Beszel API → stable v1 metrics contract via Zod schemas

Uptime Kuma

Health Monitoring

Service health checks, uptime percentages, and latency monitoring with alerting support.

Failure mode:

Returns null data with health=down; monitors show unknown status

Normalization:

Kuma push API → v1 health contract with normalized status enum

Glances

Device Telemetry

Per-device breakdowns of CPU, memory, disk, and network. Optional GPU fallback when Beszel lacks support.

Failure mode:

Returns null data with health=down; device metrics unavailable

Normalization:

Glances REST API → v1 device contract with unified metric shapes

Docker

Container Discovery

Container auto-discovery via socket proxy, status tracking, and label-based service categorization.

Failure mode:

Returns null data with health=down; service list shows cached state

Normalization:

Docker socket API → v1 services contract with faxas.* label parsing

Nginx Proxy Manager

Proxy Resolution

Reverse proxy URL resolution for exposed services. Matches container names to proxy hosts.

Failure mode:

Returns null data with health=down; URLs fall back to direct IPs

Normalization:

NPM API → v1 proxy-host contract mapping container → domain

Tailscale

Network Overlay

VPN mesh network integration for LAN discovery and Tailscale-based link generation.

Failure mode:

Returns null data with health=down; links fall back to LAN addresses

Normalization:

Tailscale API → v1 device-hostname contract for link generation

Operational Readiness

Engineering metrics from the source repository

Faxas Hub ships with comprehensive test coverage, a minimal Docker footprint, and security hardening built into every layer — from SSRF protection to encrypted sessions.

758
Passing Tests
Across 66 test files
~100 MB
Docker Image
Alpine-based multi-stage build
6
Adapters
Beszel, Kuma, Glances, Docker, NPM, Tailscale
89
Known Services
32 user + 7 AI + 50 admin
Zero-config
Setup Wizard
No manual .env required
61
Brand Icons
Offline, no CDN dependency

Security Hardening

  • SSRF protection with RFC 1918 blocklist
  • HMAC-SHA256 enablement gates
  • Rate-limited authentication endpoints
  • Encrypted session cookies (iron-session)
  • Docker socket proxy isolation

Project Access

Source code and documentation

Why no live demo?

Faxas Hub runs on private homelab infrastructure with real upstream services — there is no public browser demo.

All capability claims are backed by verified captures from the running system, architecture documentation, and engineering metrics from the source repository.

Source Code